
Robert Horvick's Weblog

Team Foundation Server administration and setup

January 2004 - Posts

SOLUTION: Spotting Code Defects #2 (Accessing Registry Values)
This defect seems to have led a few more people astray than the last. While no one posted publicly, several people emailed me solutions. Thanks to all who contributed! So let’s start with the hints: Hint #1: It is not only important to test return Read More...
HINT: Spotting Code Defects #2 (Accessing Registry Values)
There are a few defects here ... ranging from a design issue to a potential buffer-overrun that could cause your system to be compromised and the attacker to be able to execute arbitrary code on your machine. Hint #1: It is not only important to test return Read More...
Spotting Code Defects #2 (Accessing Registry Values)
Since there was positive feedback on the last one - here is another. I will post hints and the solution next week. There are multiple defects in this code. I added the _tmain to give some context on how the function getVersionString might be called. The Read More...
SOLUTION: Spotting Code Defects - #1 (Named Pipe Server)
So the results are back – and that was some buggy code! First I want to thank everyone who played along. Both those that had the courage to post to the public comments and those that replied offline. Also - before I go further - is this something Read More...
Spotting Code Defects - #1 (Named Pipe Server)
When you read bad code you learn what not to do. You learn to identify the many classes of errors and the patterns that often lead up to them. When you read good code you learn how to write good code. You observe “tricks” of good programmers Read More...
Stack buffer overrun example.
[migrated from my other blog] I can never leave well-enough alone. If I read “this is how this works” then it's only a matter of time before I write my own example to prove what I just read. This post is another example of that... There is Read More...
Native code caller verification - and how not to do it.
[Since people asked - I re-posted this from my other blog. I didn't “steal” it.] Recently on Raymond Chen’s blog he had a post about not trusting return addresses. Specifically to not use the _ReturnAddress() intrinsic and GetModuleHandleEx Read More...